We just raised a $30M Series A: Read our story
2017-10-04T06:44:00Z

What needs improvement with Fortinet FortiGate?

25

Please share with the community what you think needs improvement with Fortinet FortiGate.

What are its weaknesses? What would you like to see changed in a future version?

ITCS user
Guest
116116 Answers

author avatar
Top 20Real User

Currently, FortiGate is providing SSL VPN. But they're missing some features that are available in Palo Alto's SSL VPN. Palo Alto provides a compliance check along with the VPN, and they have a very broad checklist. So Palo Alto's global protection can scan and check multiple things, and we can choose what access users can have based on compliance with policies. So I think this is one area where FortiGate can improve. Also, multi-factor authentication isn't native to FortiGate. If you want to incorporate multi-factor authentication, you have to add a secondary or third-party solution.

2021-11-01T13:55:08Z
author avatar
Real User

There are a lot of bugs I have found in the solution and it is difficult to upgrade. These areas need improvement.

2021-06-06T11:35:00Z
author avatar
Top 5LeaderboardReal User

It would be a benefit if Fortinet would release a one-stop solution that is better integrated with other products and has an automated emergency response system.

2021-02-05T20:55:16Z
author avatar
Top 20Real User

We aren't really missing any features. The solution isn't lacking anything. We've been overall very please with the experience we've had. There aren't really any negative aspects to discuss.

2021-02-04T12:14:21Z
author avatar
Top 20Real User

The logs need to be better. They need to be more visible and easier to access. The VPN features could use some improvement.

2021-02-03T16:40:32Z
author avatar
Top 20Real User

The initial setup and configuration are not intuitive and require training.

2021-02-02T22:19:41Z
author avatar
Top 5Reseller

The cloud features can be improved. The sandboxing part is only available in limited parts of the cloud. If they could expand that, customers would find it slightly better. The price can always be cheaper as well.

2021-02-01T12:52:32Z
author avatar
Top 20Reseller

In the balance between links feature normally you can just choose one option to balance. It would be better for the solution to have more than one option, preferably three.

2021-01-29T05:52:08Z
author avatar
Top 5Real User

The Wi-Fi controller feature needs a lot of improvement. The function itself is not as stable as it should be in our use case which might be a problem in either the APs or the controller. Would like to see more wizards and automation for more features such as virtual servers, SSL VPN, and others where policies, rules entries are created automatically form wizard input. Some of the features related to load-balancing and traffic shaping are not as straightforward as they need to be. The VPN functionality needs low-level debugging get what really going on. Log level is too detailed and requires someone who is quite experienced to analyze and solve those issues. Zero-trust base features are lagging behind the other competition, based on what I have read. Would like to see those features in a clearly in the UI.

2021-01-28T21:42:13Z
author avatar
Top 5Real User

We would like to see better pricing.

2021-01-28T11:55:43Z
author avatar
Top 20Real User

The only problem that we have here in China is that the whole subscription process on Fortinet is a little bit difficult if you are doing it from China. China has kind of a firewall around the country, and we sometimes have complications due to that aspect. As a whole, I don't think that the product is actually missing any features. You do need some IT knowledge in order to effectively work with the solution.

2021-01-28T09:08:02Z
author avatar
Top 5Real User

Security is a continuous process. In every product, there is a requirement for improvement. Its pricing should also be improved according to Indian market requirements. They must also improve on the reporting part. Its reporting can be more precise. If we can get a real-time report in a specific format, it will be helpful for customers to know about the current status of their security.

2021-01-25T14:41:56Z
author avatar
Top 5LeaderboardReseller

The solution could have licensing fees reduced in the future.

2021-01-25T06:52:29Z
author avatar
Top 20Real User

In our environment, we need multiple virtual firewalls to facilitate end users and customers. Fortinet doesn't provide that but they really should include that feature.

2021-01-23T11:10:02Z
author avatar
Top 20Real User

The price could be improved. In the next release, I would like to see the interface simplified to be more user-friendly.

2021-01-23T06:10:01Z
author avatar
Real User

We currently have two on-premise data centers with several separate firewall units and unfortunately they don't connect with each other. We'll likely migrate to Azure in the next two years because of that.

2021-01-22T21:08:36Z
author avatar
Top 20MSP

The way everything is set up could be easier. Currently, people need a lot of experience and knowledge to administer it and to link it to devices.

2021-01-21T19:21:59Z
author avatar
Top 5Real User

The solution overall is quite good. It works how we need it to. I can't recall seeing any features that are lacking. We haven't had any breaches in our organization, however, I have read in journals that there have been some issues. There may have been some bugs after an update, however, that has since been resolved. We saw a few bugs in the web field and when we ran an update it was resolved in the new version. Some resources must be accessed via web fields. We were not able to access them at first. However, it was a simple task to fix it and that has since been resolved. The pricing could be a bit better, especially when you consider how they have the most basic offering priced.

2021-01-15T19:06:15Z
author avatar
Top 5Real User

The solution could be more user friendly.

2021-01-14T07:09:24Z
author avatar
Top 5LeaderboardReal User

The sniffing packets or packet captures can be simplified and improved because it's a little confusing. The automation feature has some limitations and could be better.

2021-01-13T15:11:57Z
author avatar
Top 20Real User

The Fortinet support needs improvement and also the quality control of the firmware (there are a lot of bugs)

2021-01-11T22:16:54Z
author avatar
Top 5Real User

In terms of what could be improved, the SD-WAN is quite difficult, because if you install in the new box, 15 is okay, but if you change from an old configuration, if there is already a configuration and a policy when you change to SD-WAN, you must change the whole policy that you see in the interface.

2021-01-11T10:00:00Z
author avatar
Top 20Reseller

The support costs and licensing are sometimes so expensive. They should work on their pricing model.

2021-01-09T07:15:17Z
author avatar
Top 20Real User

They can do more tests before they release new versions because I would like to be more assured. We had some experiences where they release something new and great, but some of the old features are disabled or they don't work well, which impacts the product satisfaction. The manufacturer should be able to prove that everything works or not only that it might work. This is applicable to most of the other services, software, and hardware companies. They all should work on this. We cannot trust every new release, such as a beta release, on the first day. We wait for some comments on the forums and from other companies that we know. We always wait a few weeks before we use the updated version. They should also extend the VPN client application, especially for Linux versions. Currently, it has an application for Linux devices, but it doesn't work the way we want to connect to the VPN. They use only the old connection, not the new one. They have VPN client applications for Windows and Mac, but they can add more useful features to better manage the devices and monitor the current health of each device. Such features would be helpful for our company.

2021-01-06T07:10:18Z
author avatar
Top 20Consultant

The solution isn't really lacking features per se. The product does need better support in the cloud environment. It's not exactly cloud-native right now. The solution needs to do more on the deployment in the multi-cloud. For example, clients have GCP and AWS. How do we deploy FortiGate in a cloud environment? Right now, there's no solution for that. We're worried that the scalability isn't as good as it could be.

2020-12-31T09:56:18Z
author avatar
Top 5Real User

Technical support needs to be improved.

2020-12-29T14:45:02Z
author avatar
Top 20Real User

The only challenge that we are facing is that a good internet connection is required for VPN stability. Some of the web policy reports could be improved. There are reports generated that show exactly which user is using how much bandwidth, and which sites they have been browsing. We should have a way to show that on a single screen. As it is now, when I click on a user, the information shows on another tab.

2020-12-29T09:29:46Z
author avatar
Top 20Real User

It's good, and I feel that there is nothing more that can be added. The pricing could be reduced or include the first year warranty.

2020-12-29T02:48:49Z
author avatar
Real User

We would like to see an upgrade to the VPN feature, we are using the VPN from outside of our office and there is a limitation to 10 connections, more connections would be suitable. Also, the security could improve on some features that are available.

2020-12-28T11:15:19Z
author avatar
Top 20Real User

The customization could be improved. Cisco, for example, is much better at this. They need to work to be at least as good as they are.

2020-12-25T01:44:56Z
author avatar
Top 20Real User

There is room for improvement. When it comes to email spam detection, Baracuda is the highest or the best, Cisco is the lowest, and Fortinet FortiGate is in the middle. Application management can be improved. Analysis and sandbox can also be improved in the next release.

2020-12-24T19:42:12Z
author avatar
Top 20Real User

FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works. Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware. The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack.

2020-12-23T23:08:27Z
author avatar
Top 20Real User

The ease of use could be improved.

2020-12-23T23:08:26Z
author avatar
Top 20Real User

The feedback that I have received is that the performance could be better, and the user experience is not as good compared to a previous solution we used. It could be more user-friendly. Of course, it still works fine for our operations.

2020-12-23T11:59:09Z
author avatar
Top 20Real User

The integration with third-party tools may be something that they should work on. We haven't actually tried to implement that, however.

2020-12-23T09:04:07Z
author avatar
Top 20Reseller

They are doing good, but they can improve the distributor assignment. The availability of the product and the timeline of delivery are the main things. The distribution should be swift, and the distributor should not reach out to end customers directly. They should work as a distributor. There should also be one more local distributor. Currently, there is only one distributor in Pakistan, and the rest of them are in UAE. It is difficult to work with only one distributor. Sometimes, you don't get along with the same distributor, and that's why they should have one more distributor. Their licensing should also be improved. The activation or renewal of the product should be done from the date of renewal, not from the date on which the license expired.

2020-12-22T09:47:25Z
author avatar
Top 5Real User

In terms of the product, we don't have anything to improve. But I have a concern about the FortiGate team here in Egypt, because there is an opportunity that we are working on and when we opened it and did the deal installation, it was rejected. When I talked to the FortiGate team here in Egypt, they told me they know about the deal, but they rejected it. Additionally, they could make some modifications in the license. There are some license issues. Not every feature must have a separate license. There must be some kind of synergy between the license so we don't have to pay for every individual license that we would like to have.

2020-12-21T16:36:00Z
author avatar
Top 20Real User

We have an issue with the license when it expires because we're unable to use the computers. We are in the hotel industry and there's an issue with vouchers when guests come in wanting to use them.

2020-12-16T03:13:19Z
author avatar
Top 20Real User

A feature for bandwidth monitoring and the ability to have more bandwidth testing would be useful to include in future releases.

2020-12-14T17:25:00Z
author avatar
Top 20Real User

Its reporting capabilities can be improved. Some out-of-the-box reports needs to be able to provide usable data for example for web monitoring and reporting or browsing patterns and details. Some customers does not require any forensic type reporting and may not want to invest in all the features offered by the FortiAnalyzer.

2020-12-11T16:08:25Z
author avatar
Top 5LeaderboardReal User

The support is the main thing that needs to be improved.

2020-12-11T13:16:41Z
author avatar
Top 20Real User

The support structure needs to be improved because every time we contact them, there is a delay in the response.

2020-12-11T09:24:57Z
author avatar
Top 20Real User

I would like to see the product updated more frequently. In the future, I would like to see improvements made to cloud-based management. They already have some features for this, but it's very basic.

2020-12-10T20:25:28Z
author avatar
Top 20Real User

In terms of what can be improved, they do have certain features that you can only configure through a CLI and there's no GUI interface for it. That's a pain. But it's nice that the user can do everything one way or the other. They sometimes hide some features and if you want to enable them, you have to go in the CLI, enable the feature and configure it through the CLI. Customers, typically, like everything to be done by the GUI.

2020-12-09T05:46:00Z
author avatar
Top 20MSP

The price of FortiGate should be reduced because there are some other leading products that are cheaper.

2020-12-08T22:04:28Z
author avatar
Top 20Real User

I think some improvements could be made in vulnerability scanning. I'd also like to see additional features in the authentication. They support RADIUS, LDAP but the solution doesn't have API integration with other solutions. They have API in FortiAuthenticator, but not in the firewall and not all customers want to buy another solution.

2020-12-08T16:51:55Z
author avatar
Top 20Real User

I'm not sure if the solution is really lacking anything major. For us, it works okay. They seem to have made a lot of improvements since the last release. Technical support could be better. You don't always get the level of help you need right away.

2020-12-08T15:30:07Z
author avatar
Top 5Real User

It's difficult to add or define, and it's not that easy to configure and manage. We're looking for something more flexible for the long term. I also find that the performance is limited in comparison to other solutions.

2020-12-08T12:00:18Z
author avatar
Top 5LeaderboardReal User

In terms of what could be improved, the FortiGate support could do some improvements on their IPv6 configuration. Right now it's still in the very early stage for utilizing in an enterprise level network environment In terms of the FortiGate IPS, we haven't gotten additional tools because they are not free, and we have to purchase them to maximize this IPS feature. As long as they can perform some basic functions to meet our business needs, that is okay. I'm okay with this feature right now, so far. In the next release of FortiGate the price could be better.

2020-12-07T12:07:00Z
author avatar
Top 10Reseller

Fortinet currently has many products bundled with FortiGate including the basic firewall and load balancer, and I think that that they need to have separate product portfolios for each of these specialized services. When it comes to large deployments, I don't think it's a good plan to have all of these services in a single box. I think that they should introduce in-line security at the packet level, where they can do filtering and other firewall functions. It should not comes down to the infrastructure level but rather, offer services at the ISP level.

2020-12-07T10:32:47Z
author avatar
Top 20Real User

The product has enterprise capabilities, which means there are a ton of configurations possible. What I'd like to see in the product is more of a branch in the box wizard deployment for those that are not as well versed in firewall and routing. For a small business, the firewall should be able to self-configure for a Unified Threat Management configuration with 2 SSIDs for protected wireless network for internal gear and a guest wireless network for employee cell phones and guests. I'd like to open the box, plug in the router behind the cable modem, and check a few boxes, and the rest is done automatically. I don't want to have to build a configure VLANs, SSIDs, security protocols for each port, and try to figure out and understand all the layers in an effort to deploy a solution. It's great to have those capabilities in case you need them, but for most of the offices I am trying to deploy these into--it should be a branch in a box.

2020-12-07T06:26:18Z
author avatar
Top 20Real User

If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox.

2020-12-06T06:26:41Z
author avatar
Real User

Fortinet is a very big product. It has FortiGate, FortiWiFi, FortiSwitch, email security, etc. Due to this, they have some weaknesses in the ISPs, the services. They could improve these aspects. Hotspot services especially could be a lot better. There are just some services that aren't available. For example, the Ethernet or point-to-point protocols. They could add these services to their product offering - especially services for ISPs.

2020-12-06T06:26:41Z
author avatar
Top 5LeaderboardMSP

The cloud management should improve. There are other manufacturers that have better management cloud solutions. Aruba, for example, is very good at this aspect. Fortinet could look to them as a model of how to do something interesting with management solutions. Fortinet across the board needs to improve the LAN aspect of their products. The solution lacks multi-language support. They could offer access points to small companies and firewalls at those access points. Aruba, in that sense, is much better for smaller organizations as they provide this possibility.

2020-12-06T06:26:40Z
author avatar
Top 20Real User

It should provide better visibility over the network and more information in the form of reports for the end users. Its installation should also be easier.

2020-12-04T13:50:13Z
author avatar
Top 20Real User

The support could be improved upon somewhat. The performance could be a bit better. Right now, I find it to be lacking. Having good performance is very important for our work. The command line operation is a bit out of our depth.

2020-12-03T17:54:25Z
author avatar
Top 20Real User

The solution needs to improve its integration with cybersecurity. While in general, it's pretty good, this is always a concern as the landscape shifts constantly. They need to ensure they stay on top of things so that their security and integrations stay constantly up to date in order to protect our company.

2020-12-03T16:04:03Z
author avatar
Real User

Technical support is good but the response time could be faster. When it's overloaded, it works slower and overheats. The data analysis could be improved.

2020-12-03T07:46:04Z
author avatar
Top 20Real User

The solution could be more evenly structured and I'd like to see orchestration in the calls included. The solution currently lacks that feature.

2020-12-02T23:53:15Z
author avatar
Top 20MSP

I don't like that anything more than very basic reporting is not included. You have to buy their cloud module that's an add-on for getting more customized reporting. It has just about everything that we are looking for and the customer is needing. It's just the reporting part that is lacking in the base application. Technical support could be improved.

2020-12-02T18:11:21Z
author avatar
Real User

The captive portal could be improved.

2020-12-01T02:04:44Z
author avatar
Top 5LeaderboardReal User

The biggest "gotcha" is that if the client purchases what they call the UTM shared bundle, which has unified threat management on both, it's not as easy to manage if you have more than one firewall. If I wanted a unified console, I have to pay extra. And that's the downfall. That's the only needed improvement that I would say for the Fortinet solution, is that they should have it web-based from the get-go. You should not have to buy an extra bundle or an extra device. If I have to make an update to a web filter, and I have 12 devices, I've got to do it in 12 places. If I don't want to do that the client can pay for a pretty expensive device or virtual appliance that does that for them. It's like an expensive centralized management tool. That's the big downfall of Fortinet. It doesn't come included, you have to pay for it. Their web-based one, that's sort of just like an inventory manager. It's not really good for distributing roles. With Cisco, you don't have to do anything. The one from Aruba HD has one too. Fortinet should try to be similar to those options. In the next release, it would be amazing if they could give a better tool for upgrading, so that if I upgrade from an older version to the other, it can read the configuration and processes it for me so that I don't have to rewrite it from scratch. In FortiConverter, they have a tool like this, however, it doesn't work well. It's really more for bringing items in from other vendors, not from one version to the other. That was my last experience where they operated from version five to six. However, that's really the only big thing. The main thing is to include the FortiManager cloud software like Cisco does. To have one solution. If you paid $150 a year for the support, you might as well get that too so I could manage all the devices at one spot. They do have FortiCloud, however, it's not the same as the way Cisco does it. They are selling another product called FortiManager. FortiManager should be included with the support, and that would make it more of a business solution, rather than a feature request.

2020-11-29T05:37:05Z
author avatar
Top 20Real User

It should have a better pricing plan. It is too expensive. It should also have a more granular view of the attack. I don't have FortiAnalyzer, and it is difficult for me to have a complete view when there is an attack on my server.

2020-11-27T02:21:39Z
author avatar
Top 5LeaderboardReal User

The search tool needs improvement. It's very difficult to search for policies right now. When we need to engage with the endpoint or our customer during an investigation, there should be a way to investigate the issues without the need for the customer to be present. It would make it much easier.

2020-11-26T18:55:47Z
author avatar
Top 20Real User

The user interface could be improved.

2020-11-26T18:09:47Z
author avatar
Real User

The command line is complicated, and the interface could be better.

2020-11-25T16:20:40Z
author avatar
Top 5LeaderboardReal User

It is stable, but its stability can be improved.

2020-11-24T14:53:02Z
author avatar
Top 20Reseller

The central management for the FortiGate Fortinet Firewall needs improvement. They have the manager to do the essential management for both SD-WAN and the security policy. They should also improve the SD-WAN function.

2020-11-21T08:42:00Z
author avatar
Top 5LeaderboardReal User

It should be more stable. There should be full integration within Fortinet products themselves as well as with other third-party products. Especially when you're not dealing with SIEM and the correlation of the security box, we want Fortinet to be able to share that information with as many other products as it can.

2020-11-20T16:42:56Z
author avatar
Top 5LeaderboardMSP

The PPPoE server protocol with a connection to a Radius server is used a lot by ISPs and not so much by the end user. I think it would be great to see this solution with the protocol developed for ISPs.

2020-11-19T19:51:00Z
author avatar
Real User

Fortinet is huge in today's market and they've become quite expensive. I think there are products at the same level as Fortinet, but with better prices. They've changed their subscription plan and are now forcing companies to subscribe 24/7.

2020-11-19T05:38:13Z
author avatar
Real User

It could be more stable and secure. They can improve the ability to make changes, change requests, and provide more rounded monitoring in terms of security and potential threats.

2020-11-18T13:22:00Z
author avatar
Top 20Reseller

The license renewal process, annual renewal price, and the web application firewall features should be improved.

2020-11-14T09:21:59Z
author avatar
Top 5Real User

The visibility of the network can be better. The GUI can be improved for better visibility of the network flow. Other solutions have better GUI in terms of network visibility.

2020-11-13T14:33:09Z
author avatar
Top 5Reseller

Fortinet is good in terms of security and threat prevention, but they are not leading. For example, the signature database can be improved. If they had better integration with security products, such as Cisco ISE or Rapid Threat Containment, then it would be an improvement. Customers that have ISE implemented are able to provide inputs based on malicious traffic, and then ISE will automatically block it.

2020-11-12T18:37:56Z
author avatar
Top 5Reseller

I'm from the sales side and therefore I wouldn't really know if there are features that are lacking. It's my understanding that more of the current generation features could be brought in. There could be more integration with EDRs, for example.

2020-11-11T08:22:00Z
author avatar
Top 20Real User

There are a lot of known issues in some newer versions of the FortiGate operating system, so there is room for improvement with that. One of the problems I was having was with user mapping, and it is an issue for which I have escalated tickets with Fortinet support. Having the newer features work in the older, more stable versions of the product would be great. Some of the new features might really help a lot, but there are problems with stability.

2020-11-11T08:12:05Z
author avatar
Top 5LeaderboardReal User

The commercial side of things can be improved a bit. They have such a good product, and when you disable some features, it has to be commercialized for you to enjoy those features. Therefore, you are actually buying half a product. You have hardware there, and yet, your features are not enabled. The primary things, such as the antivirus, web filter, DNS filter, application intrusion, file filter, and email filter come with the general license. There are other things that you want to also enjoy in this system and you can't. There are SD-WAN network monitoring, SD-WAN features, Industrial Databases, Internet of Things, Detection, etc., however, we do have not licenses for those features. We thought that if you bought a product, you should have all of the features it offers. Why should you need to make so many extra purchases to enable features? They should have one price for the entire offering. That's one of the drawbacks they could look at. Sometimes the firmware automatically updates itself. Then it corrupts the configuration and you have to roll back or you have to do amendments to the configurations. That, however, has happened only once with us. We have put in controls for automatic updates to stop them and now we do manual allowance or we allow the manual update. Most of the features are good. They give you pricing and you get a VPN for about 10 users where you can test it. For us, we feel that we need to buy extra licenses due to COVID, as people are working from home. Under the current conditions, we are not getting the best out of the firewall. They could just maybe put better graphics or better reporting into the solution. I want to know who is the user and what is the exact website they're visiting. Something like that would help. They should do more like what the GFI is doing.

2020-11-08T06:36:20Z
author avatar
Real User

Some of the features in the graphical user interface do not work, which requires that we used the command-line-interface. We have problems with that. Log retention should be greater than 24 hours.

2020-11-07T07:35:23Z
author avatar
Top 20Reseller

If it would integrate everything in one place then it would be an improvement. I wanted to buy some switches and integrate them into the system, but we couldn't find anyone here in Israel to provide them or to provide support. Also, we could not get a replacement if something needed to be replaced. We wanted to use one vendor to do everything from one managed central management point. It may be something they offer now, but I am not sure. It would be helpful if we can have one easy place to manage, or from the cloud to all the devices that are at the client's location. This is the backbone, the switches, the access points, FortiGate, everything. Sometimes you do need to know some CLI commands, so it's a bit harder for technicians or new people that don't know it. So, if you could do everything without that, it would be much easier when you do V-LANs.

2020-11-03T14:41:58Z
author avatar
Top 20Real User

The only thing is sometimes you have to learn with CLI. For those not familiar with CLI it can be an issue. It would be ideal if we could avoid using CLI. If you make a mistake in the command line, it's harder to detect. It would be much better if they had a user-friendly GUI. The initial setup is complex.

2020-11-03T00:07:14Z
author avatar
Top 5Real User

The performance and speed are aspects of the solution that could always be improved upon.

2020-11-02T22:32:50Z
author avatar
Top 20Real User

Quality control on their firmware versions needs improvement. When they introduce new firmware, there tend to be bugs. I would like the licensing price to be better. It would be nice if it were less than 25 percent of the hardware costs.

2020-11-02T22:27:13Z
author avatar
Top 5Reseller

There are some cloud-based features that could be much more flexible than they currently are. It's my understanding that they are currently working on improving the cloud solution quite substantially.

2020-11-02T21:24:05Z
author avatar
Top 20Real User

I would like to see a more intuitive dashboard. Technical support can improve in knowledge sharing and they can implement better. The dashboard appearance needs to be more refined. It has to be smoother and more customer-friendly. As the cloud is more prominent and more are moving towards the cloud, people are used to certain ease of doing things, and less complicated. I understand that a firewall is a technical product, but we can try to make it a better customer experience which will increase usability with good results.

2020-10-28T22:16:17Z
author avatar
Top 20Real User

In the enterprise proprietary world, Fortinet, in my experience, considering its cost and reliability (maybe they could bring the price down or maybe they could make more plans), I honestly don't think that there is much room for improvement. I think it's a pretty good solution for anyone who is looking for a proprietary solution. I wouldn't look anywhere else. Cisco, for example, is probably way overpriced. Fortinet on the other hand, one of their strong sides is that they have an all-encompassing solution with a very reasonable price point. Cisco and other brands are a little bit more modular — to get everything you'd have to buy a lot of different packages. An automated guide feature or templates that you could pick and choose would be a nice addition. It's definitely not as easy to look at traffic as I would like. Sometimes when I'm trying to see what traffic has been blocked or what traffic has been passed, it's not as easy as I would like to filter it out or to monitor bandwidth. The monitoring is not as good as it could be. It could be a lot easier to understand. For example, I was trying to figure out, in a given timeframe, how much was downloaded off of a certain interface and I didn't really understand how I could get that information or if it was even available. I was searching the documentation online and I couldn't even figure it out. Monitoring and reporting could be better; It's very good, but there's definitely a lot of ways to improve it.

2020-10-26T18:43:00Z
author avatar
Top 20Real User

For me, this solution has nothing to improve and it meets the needs that I have. I don't see any way to improve, at least from my point of view on regular use. In the next release, maybe the documentation on how to use this solution could be improved. What I have noticed is that when we have done some configurations directly from the command line, there is not a lot of information regarding splitting.

2020-10-26T14:49:14Z
author avatar
Top 5LeaderboardReal User

FortiGate is really good. We have been using it for quite some time. Initially, when we started off, we had around 70 plus devices of FortiGate, but then Check Point and Palo Alto took over the place. From the product perspective, there are no issues, but from the account perspective, we have had issues. Fortinet's presence in our company is very less. I don't see any Fortinet account managers talking to us, and their presence has diluted in the last two and a half or three years. We have close to 1,500 firewalls. Out of these, 60% of firewalls are from Palo Alto, and a few firewalls are from Check Point. FortiGate firewalls are very less now. It is not because of the product; it is because of the relationship. I don't think they had a good relationship with us, and there was some kind of disconnect for a very long time. The relationship between their accounts team and my leadership team seems to be the reason for phasing out FortiGate.

2020-10-26T10:33:43Z
author avatar
Top 20Real User

We would like to see a better training platform implemented.

2020-05-18T07:50:11Z
author avatar
User

They ARE leaders.

2020-05-05T09:07:00Z
author avatar
Top 20Reseller

To the best of my knowledge, Fortinet does not have a CASB solution and Fortinet does not have a Zero trust solution. Fortinet claims to do everything Zscaler is capable of and I'm looking for a comparison between the supported features. Fortinet VPN and DDoS capabilities are great, yet we need to provide a solution that enables CASB and integration to the cloud.

2020-03-05T20:17:00Z
author avatar
Top 20Real User

The user interface could be improved to make it less confusing and easier to set up. There are too many pull-down menus.

2020-02-25T16:13:00Z
author avatar
Top 5Consultant

We are managing FortiGate using a FortiManager and it needs improvement with respect to the ease of administration tasks. There is a lot of improvement needed with SSL-VPN. Technical support could be improved.

2020-02-17T12:54:00Z
author avatar
Real User

Improvement is needed in the Web Filter quotas to restrict users with allocated quotas. It would be an improvement to add a feature for active users to change/reset their own passwords. Fortinet renewal prices for all models are too high, so they should offer discounts for customers on renewal.

2019-10-12T12:51:00Z
author avatar
Consultant

FortiWAN was supposed to help in doing intersite linking, but we've realized that most of the ISPs use BGP. FortiWAN supports OSPF but does not support the BGP protocol. This is a problem for us because without BGP they are not doing anything, and we've had to pack them up. I would like to see the BGP protocol supported on FortiWAN. Technical support for this solution can be improved.

2019-08-28T09:52:00Z
author avatar
Real User

I would like to have logs, monitoring, and reporting for a month without extra fees.

2019-07-22T07:27:00Z
author avatar
Real User

The Web-filter in this solution is not very good. Perhaps because Fortinet does not want to compete with its own dedicated solution.

2019-06-12T13:40:00Z
author avatar
Top 10Reseller

FortiOS is not simple. Too many people think it should be simple to use, but the complexity of the product makes that impossible.

2019-06-05T14:36:00Z
author avatar
Real User

This product could be improved with active directory integration and better handling in IPsec and GRE Tunnels. There are not enough recent online materials to assist in integration with Cisco for VPN, GRE, and IPSec.

2019-04-30T12:38:00Z
author avatar
Real User

I use the FortiGate 60D model and realized the 300Mbps bandwidth limitation. Because it is a product that offers many services, I think it could have greater bandwidth capacity.

2019-04-27T00:45:00Z
author avatar
Real User

It is mainly our own application of FortiGate that we need to improve. If you compare FortiGate to any other products, all of the other products have more signatures. I couldn't find that many signatures available in the application. Some features of Fortinet FortiGate are actually fee enabled that are inconvenient for deploying in production. Other issues relate to isolation with Cisco products and your server. Fortinet should make it so that we are not able to use analytics from Cisco at the same time that FortiGate is installed. We are not able to do real-time network monitoring. For the next release, FortiGate should be improved to support these issues. For the setup, you need to prepare a lot for that before engaging the deployment. I learned a lot about FortiGate from books. That should be important in preparation. Fortinet should implement these changes, then we would be able to do more.

2019-04-18T09:59:00Z
author avatar
Real User

The reporting needs to be improved. Also, the VPN (Virtual private network) monitoring needs improvement. Beyond these improvements, I cannot think of any additional features that I would like.

2019-04-18T09:59:00Z
author avatar
Real User

The monitoring and the visibility, in this proxy, is very weak. I would for them to develop better visibility, monitoring, and reporting.

2019-04-02T07:02:00Z
author avatar
Real User

They should improve the interface to make it more user-friendly. I would like to see some sort of reporting if there was an issue with the connecting network sources or connections.

2019-03-26T08:09:00Z
author avatar
Top 5Real User

Fortinet needs more memory to save the log files (like in the 101E, the old product). We need it to save the logs on the hardware and not in the cloud. I know this feature is available in FortiCloud, but if we need to log locally, it is not available. Also, the log only records a little time and needs to be longer.

2019-03-26T08:09:00Z
author avatar
Real User

The Fortinet FortiGate firewall has been improved with many new functions. Fortinet is working to develop a new generation of firewalls with better security. Fortinet already improved FortiGate, but in the current market, many brands of security devices have improved together. Fortinet still needs to catch up with market standards. Fortinet is lacking in features in comparison to competitors.

2019-03-26T08:09:00Z
author avatar
Real User

The FortiGate reporting system needs to be more detailed about files. Palo Alto Networks is more detailed in the reporting system than Fortinet. Currently, as for our security, we don't need more. The main reporting in Palo Alto Networks is much more developed than Fortinet, especially in the part of the file exchange. As a security lead, I think Fortinet FortiGate is much more reliable than Palo Alto Networks.

2019-03-14T11:34:00Z
author avatar
Reseller

Flexibility is questionable when it comes to the hardware parts. If Fortinet can make FortiGate modular so that you can actually upgrade it without changing the parts, I would prefer it. If Fortinet FortiGate could actually integrate with the hybrid cloud architecture without changing the storage parts, i.e. the hardware, it would be better.

2019-03-12T07:26:00Z
author avatar
Consultant

Fortinet could improve the windows opener or the virtual IP solutions for opening windows. The virtual IP settings need improvement as firewalls are trending in new development directions.

2019-03-06T07:41:00Z
author avatar
Real User

We have many users currently with this solution. One issue that I have had is that sometimes I need to monitor the traffic, so I need to filter it according to the user and which user is using it the most. I experience a bottleneck most of the time, particularly at peak time when the number of contracts and users are at maximum. We feel a kind of bottleneck. When I first entered the log section, I could not find any results. I did not find any proof, i.e. reporting and analytics on the speed and network availability were not optimized. I could not find any such log from the server, maybe Fortinet could improve this service.

2019-03-06T07:41:00Z
author avatar
Real User

The main aspect of FortiGate that could be improved is load balancing. Our management team does not want to buy another appliance for only load balancing. The network routing with Fortinet FortiGate can be an issue, but it generally depends on the size of the company.

2019-03-03T11:18:00Z
author avatar
Consultant

I recently saw the new updates that are coming, such as the ability to quarantine a user's machine. Once done, you have the ability to connect to it from the FortiManager Console and you can bring it back online, out of quarantine. This is all very good news. One of the areas that I feel need improvement is on the DLP (Data Leak Prevention) side of things. Compared to some other products, the DLP is not at par for the moment. Also, if in the next few years this solution can be made to support HE between models, it would be better. I feel that improvements can be made on the security side. Sometimes the product does a good job, but sometimes not.

2019-02-26T08:25:00Z
author avatar
Real User

Since we are in the initial stages of implementation I can't suggest any additional features for the next release. At this point, I really need more time to evaluate the tool. The only thing I can recommend at this time is to make improvements for the user end when the user website is running slowly; the speed can definitely be improved. There is room to include IP wise and net-wise and bandwidth settings.

2019-02-13T08:31:00Z
author avatar
Real User

We had a minor problem where there was a major system upgrade on the hardware platform and the Apple Mac client was not available as soon as it might have been. The PC client was available immediately, but we had to wait a month or so, before there was a Apple Mac client. I was slightly irritated that it was not ready on time, but it was eventually resolved.

2019-01-10T08:22:00Z
author avatar
Top 20PopularUser

I think there could be more QoS features in GUI. FortiGate has Traffic Shaping feature that is enough in most cases when shaping egressing packets, but sometimes I just need 802.1p prioritizing (Class of Service) of incoming packets and manual ingress queue assignment. This is what would be nice to have, but I realize that such a job is more efficiently done by L4 switch standing before firewall. Fortinet has a FortiSwitch that can do it, and it also can be controlled by FortiGate via FortiLink protocol. [Firmware version FortiOS 6.2 update]: There are a lot of improved and newly added things, so it is very hard to imagine any additional features.

2017-11-26T17:38:00Z
author avatar
Top 20Reseller

Need to Improvement in Reporting

2017-10-04T06:44:00Z
Learn what your peers think about Fortinet FortiGate. Get advice and tips from experienced pros sharing their opinions. Updated: December 2021.
555,358 professionals have used our research since 2012.